CVE-2013-0282
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
12/04/2013
Last modified:
11/04/2025
Description
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:* | 2012.1 (including) | 2012.1.3 (including) |
| cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:* | 2012.2 (including) | 2012.2.4 (including) |
| cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:* | ||
| cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:* | ||
| cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.openwall.com/lists/oss-security/2013/02/19/3
- https://bugs.launchpad.net/keystone/+bug/1121494
- https://launchpad.net/keystone/+milestone/2012.2.4
- https://launchpad.net/keystone/grizzly/2013.1
- https://review.openstack.org/#/c/22319/
- https://review.openstack.org/#/c/22320/
- https://review.openstack.org/#/c/22321/
- http://www.openwall.com/lists/oss-security/2013/02/19/3
- https://bugs.launchpad.net/keystone/+bug/1121494
- https://launchpad.net/keystone/+milestone/2012.2.4
- https://launchpad.net/keystone/grizzly/2013.1
- https://review.openstack.org/#/c/22319/
- https://review.openstack.org/#/c/22320/
- https://review.openstack.org/#/c/22321/